Thoughts from James Shewmaker on current issues in Computer and Network security.

Tuesday, July 15, 2008

I love being right

I just wrapped up Community SANS Costa Mesa on Saturday. One of the last things I told the class was "The next Big Thing to go Boom[TM]? DNS." With all the pre-Blackhat/defcon speculation, the word is that Dan Kaminsky is going to blow the roof off of DNS again. The guy is definitely good, and I would not be surprised if DNS starts playing a larger role in exploits overall.

Think about it: Why waste your own botnot resources when you can use somebody else's? DNS is a dangerously beautiful beast of a distributed database system. Top it off with the fact that we can use somebody else's servers for practically free. I think DNS is still overlooked too often. There's been statements made simliar to the effect of: "Google, properly leveraged, is the greatest hacking tool." Google is very powerful--it helps you find things. This is what DNS does. DNS has one advantage over Google, and that is that the random hacker has more control over DNS.

So I think the staged dropping style used by malware will begin to be mirrored with distributed attacks, controlled via DNS. DNS can be signaling or storage, so I will expect to see everything but the payload commonly stashed in DNS somewhere . . .

In other news, not sure yet if I'll make it to SANSFIRE. Next on the agenda is to finish what I've been calling StegoFS for my DefCon Talk, then to Boulder, CO for SANS Network Pentesting and Ethical Hacking (Security 560). I'm really looking forward to it; hoping I can fly into Denver, have some serious Brazilian BBQ, then hack away the rest of the week.